PowerShell for Windows Admins

I decided it was time to clean some of the rubbish out of my test AD. I’ll be upgrading to Windows Server 2012 R2 next month so a bi tof a clean up now is a good idea.

I decided to start with the computer objects. I’ve created & deleted quite a few virtual machines over the years so there’s a good chance of finding something to remove. Computes in an AD domain have a secure channel to the domain controller to which they authenticate on startup. The password on this channel is reset automatically every 30 days. Any machines that haven’t reset their password in a while a probably good candidtes for removal:

Not what I was expecting. The error message is what you get when trying to delete an OU with objects still in it but a computer object is a leaf object.

It turns out that the computer object can contain other objects especially when its a virtual machine. Unfortunately, the only way to see this is to use ADSIEdit. This is the full ADSIedit you need not the Attribute Editor in AD Users & Computers or AD Administrative Center. When I looked in ADSIEdit I saw there was indeed a child object

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

About This Blog

A blog for Windows administrators, Architects, Consultants and System Integrators maximizing the use of PowerShell and WMI. Simple solutions to everyday problems using two tools that should be available on every Windows system. Save time, save effort, script now!